Job Description
The Senior Security Automation Engineer will design, develop, and optimize detection and response content to enhance the organisation’s security monitoring and incident response capabilities. You will work closely with other threat detection engineers, SOC analysts, threat intelligence analysts, and incident responders to ensure that our detection and response content is effective, scalable, and aligned with current and emerging threats.
Role Responsibilities
Develop, maintain and tune correlation rules and alerts to identify malicious activity with high fidelity and low false positives.
Develop dashboards, reports, and correlation rules to support proactive threat detection and security monitoring.
Develop, deploy and maintain SOAR playbooks.
Develop, deploy and maintain automations in SOAR and other platforms to support SOC operations.
Integrate security tools, threat intelligence feeds, and custom logic into automated playbooks.
Continuously improve playbook efficiency and effectiveness through testing, feedback, and metrics.
Integrate third-party and internal systems with SIEM and SOAR platforms through APIs and custom connectors.
Continuously tune and optimise SIEM rules and SOAR playbooks to reduce false positives and improve detection accuracy.
Deploy EDR agents, develop detections, and integrate them into SIEM and SOAR.
Collaborate with other team members and SOC management to develop and deliver solutions supporting SOC operations and customer needs.
Perform rule tuning, suppression, and logic refinement to minimize alert fatigue and increase detection accuracy.
Participate in post-incident reviews to develop new detections and response automations.
Develop and maintain parsers for log sources.
Mentor and support junior team members.
Document processes, workflows, and procedures to facilitate knowledge sharing and customer integrations.
Participate in sprint meetings to manage and track ad-hoc tasks that improve the overall service to clients.
Key Skills, Knowledge & Experience
Proven experience in security operations, detection engineering, or content development.
Strong expertise in at least one enterprise SIEM platform.
Proven experience creating and tuning SIEM rules, correlation logic, and dashboards.
Hands-on experience building and maintaining SOAR playbooks.
Strong understanding of common attack vectors, TTPs, and the MITRE ATT&CK framework.
Proficiency in scripting or automation (e.g., Python, PowerShell, JSON, REST APIs).
Excellent analytical, problem-solving, and documentation skills.
Experience working in a large enterprise SOC or MSSP environment.
Familiarity with EDR/XDR platforms and threat hunting methodologies.
Knowledge of CI/CD pipelines for content deployment.
Our Values
We’re proud to share the values we live by. They’re not dusty abstract concepts. Our values define our culture: they act as a promise to our customers and a constant challenge to ourselves, both as individuals and as a team, to be Game-Changers.
#1 Be the best you can be.
We challenge ourselves to raise our game each day. By embracing a mindset of growth, we continuously strive to improve ourselves, our ways of working, and the service we deliver to our customers.
#2 We do what we say.
When we make a promise, we follow through - no excuses. We don’t leave anyone hanging or walk away from challenges. Reliable and focused, we value clear communication to build trust and give customers and colleagues the confidence that they can count on us every time.
#3 Together we win.
Business is the biggest team sport of them all. By communicating well, breaking down silos and staying aligned, we create clarity and focus. Strong relationships, shared goals and commitment make us a winning team – for each other and for our customers.
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Publication Date:
March 7, 2026
Job Type:
Construction
Location:
Brazil
Company:
Elastacloud